/proc/sys/fs/mqueue/msg_max is IPC namespaced but it is always owned by root in the initial user namespace. A rootless container doesn't have enough privileges to write to it.

You can verify it with:

    $ podman run --rm fedora stat /proc/sys/fs/mqueue/msg_max
      File: /proc/sys/fs/mqueue/msg_max
      Size: 0  Blocks: 0  IO Block: 1024  regular empty file
    Device: 7bh/123d  Inode: 3634162  Links: 1
    Access: (0644/-rw-r--r--)  Uid: (65534/ nobody)  Gid: (65534/ nobody)

So given the current limitation in the kernel, you have two possible choices to work around it:

1) run with --ipc host

2) get some help from root in the host:

    $ sudo nsenter -i -t $CONTAINER_PID sh -c 'echo $NEW_MSG_MAX > /proc/sys/fs/mqueue/msg_max'

Giuseppe

Michael Ivanov <ivans@isle.spb.ru> writes:

> Yes it is 256:
>
>     island:backend [master]> cat /proc/sys/fs/mqueue/msg_max
>     256
>
> On 20.05.2021 21:00, Daniel Walsh wrote:
>> On 5/20/21 08:29, Michael Ivanov wrote:
>>> Hallo!
>>>
>>> I'm trying to run my application in podman rootless container and I stumble on following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at least 256, but in running container this value is just 10. When I try to specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256') I get the following error:
>>>
>>>     Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
>>>
>>> and container is not created.
>>>
>>> My host where container is being run has this parameter set to 256. How can I expose current host setting for msg_max to my container?
>>>
>>> Best regards,
>>
>> When you log in to your user account, is it set to 256?
>>
>>     $ cat /proc/sys/fs/mqueue/msg_max
>>     10

_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io
--
Михаил Иванов
Tel.: +7(911) 223-1300
E-mail: ivans@isle.spb.ru
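
The check Giuseppe describes can be scripted as a preflight step. This is an added example, not code from the thread or from Podman: the function names and the result words are hypothetical, and it assumes the standard Linux behaviour that a file owner with no mapping in the current user namespace is displayed as the uid in /proc/sys/kernel/overflowuid (65534 by default).

```shell
#!/bin/sh
# Added example: preflight check for the msg_max limitation in this thread.
MSG_MAX=/proc/sys/fs/mqueue/msg_max          # path from the thread
OVERFLOWUID=/proc/sys/kernel/overflowuid     # uid shown for unmapped owners

# Extract the numeric owner uid from default `stat` output read on stdin.
parse_stat_uid() {
    sed -n 's|.*Uid: *( *\([0-9][0-9]*\)/.*|\1|p' | head -n 1
}

# advise CURRENT REQUIRED OWNER_UID OVERFLOW_UID MY_UID
# Prints one (hypothetical) word describing what the caller can do.
advise() {
    if [ "$1" -ge "$2" ]; then
        echo ok                # limit is already high enough
    elif [ "$3" = "$4" ]; then
        echo needs-host-help   # owner is not mapped in this user namespace:
                               # use --ipc host or root nsenter on the host
    elif [ "$3" = "$5" ]; then
        echo writable          # we own the file, so mode 0644 allows the write
    else
        echo not-owner         # owned by a different, mapped uid
    fi
}

# Same decision on the live system, when the sysctl exists there.
check_live() {
    [ -r "$MSG_MAX" ] && [ -r "$OVERFLOWUID" ] || { echo unsupported; return 0; }
    advise "$(cat "$MSG_MAX")" "$1" "$(stat -c %u "$MSG_MAX")" \
           "$(cat "$OVERFLOWUID")" "$(id -u)"
}

# Constructed sample: the Access line of the stat output quoted in the thread,
# with the container's msg_max of 10 and the required value of 256.
SAMPLE='Access: (0644/-rw-r--r--) Uid: (65534/ nobody) Gid: (65534/ nobody)'
sample_uid=$(printf '%s\n' "$SAMPLE" | parse_stat_uid)
echo "sample owner uid $sample_uid: $(advise 10 256 "$sample_uid" 65534 0)"
echo "live check for 256: $(check_live 256)"
```

Run inside the container before starting the application; `needs-host-help` corresponds to the two workarounds listed in the reply above.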